Download | Plain Text | No Line Numbers


  1. diff -Naur a/ext/standard/mail.c b/ext/standard/mail.c
  2. --- a/ext/standard/mail.c 2024-05-10 12:05:32.158512002 +0200
  3. +++ b/ext/standard/mail.c 2024-05-10 12:10:17.156368552 +0200
  4. @@ -54,6 +54,13 @@
  5. } \
  6. continue; \
  7. } \
  8. + else if (str[pos] == '\n' && (str[pos + 1] == ' ' || str[pos + 1] == '\t')) { \
  9. + pos += 1; \
  10. + while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
  11. + pos++; \
  12. + } \
  13. + continue; \
  14. + } \
  15.  
  16. extern zend_long php_getuid(void);
  17.  
  18. @@ -200,6 +207,47 @@
  19. }
  20.  
  21.  
  22. +static long
  23. +count_recipients(const char *str, int len, int skip_field)
  24. +{
  25. + long recipients = 0;
  26. + int got_field, i;
  27. +
  28. + if (str == NULL || len <= 0)
  29. + return 0;
  30. +
  31. + got_field = skip_field;
  32. + for (i = 0; str[i]; i++) {
  33. + /* search for mime-fields
  34. + * either at beginning or after '\n' of the string
  35. + */
  36. + if (!got_field &&
  37. + (!strncasecmp(&str[i], "To: ", strlen("To: ")) ||
  38. + !strncasecmp(&str[i], "Cc: ", strlen("Cc: ")) ||
  39. + !strncasecmp(&str[i], "Bcc: ", strlen("Bcc: "))
  40. + )) {
  41. + if (i == 0 || (i > 0 && str[i - 1] == '\n'))
  42. + got_field = 1;
  43. + }
  44. +
  45. + /* search for every '@', don't stop at long headers */
  46. + if (got_field) {
  47. + if (str[i] == '@')
  48. + recipients++;
  49. + else if (str[i] == '\n')
  50. + if (i == len - 1 || (str[i + 1] != ' ' && str[i + 1] != '\t'))
  51. + got_field = 0;
  52. + }
  53. +
  54. + /* message body starts here */
  55. + if (i > 0 && str[i - 1] == '\n' && str[i] == '\n')
  56. + break;
  57. + }
  58. +
  59. + return recipients;
  60. +}
  61. +
  62. +
  63. /* {{{ Send an email message */
  64. PHP_FUNCTION(mail)
  65. {
  66. @@ -212,6 +260,8 @@
  67. size_t subject_len, i;
  68. char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
  69. char *to_r, *subject_r;
  70. + long recipients = 0;
  71. + long max_recipients = INI_INT("sendmail_max_recipients");
  72.  
  73. ZEND_PARSE_PARAMETERS_START(3, 5)
  74. Z_PARAM_PATH(to, to_len)
  75. @@ -250,7 +300,9 @@
  76. * To prevent these separators from being replaced with a space, we use the
  77. * SKIP_LONG_HEADER_SEP to skip over them. */
  78. SKIP_LONG_HEADER_SEP(to_r, i);
  79. - to_r[i] = ' ';
  80. + php_error_docref(NULL, E_WARNING, "Disallowed characters in mail parameters, mail not sent.");
  81. + RETVAL_FALSE;
  82. + goto end;
  83. }
  84. }
  85. } else {
  86. @@ -268,7 +320,9 @@
  87. for (i = 0; subject_r[i]; i++) {
  88. if (iscntrl((unsigned char) subject_r[i])) {
  89. SKIP_LONG_HEADER_SEP(subject_r, i);
  90. - subject_r[i] = ' ';
  91. + php_error_docref(NULL, E_WARNING, "Disallowed characters in mail parameters, mail not sent.");
  92. + RETVAL_FALSE;
  93. + goto end;
  94. }
  95. }
  96. } else {
  97. @@ -281,12 +335,29 @@
  98. extra_cmd = php_escape_shell_cmd(ZSTR_VAL(extra_cmd));
  99. }
  100.  
  101. + /* count recipients */
  102. + if (max_recipients > 0) {
  103. + recipients += count_recipients(to, to_len, 1);
  104. + if (headers_str) {
  105. + recipients += count_recipients(ZSTR_VAL(headers_str), ZSTR_LEN(headers_str), 0);
  106. + }
  107. + if (extra_cmd) {
  108. + recipients += count_recipients(ZSTR_VAL(extra_cmd), ZSTR_LEN(extra_cmd), 1);
  109. + }
  110. + if (recipients > max_recipients) {
  111. + php_error_docref(NULL, E_WARNING, "Max recipients reached, mail not sent.");
  112. + RETVAL_FALSE;
  113. + goto end;
  114. + }
  115. + }
  116. +
  117. if (php_mail(to_r, subject_r, message, headers_str && ZSTR_LEN(headers_str) ? ZSTR_VAL(headers_str) : NULL, extra_cmd ? ZSTR_VAL(extra_cmd) : NULL)) {
  118. RETVAL_TRUE;
  119. } else {
  120. RETVAL_FALSE;
  121. }
  122.  
  123. +end:
  124. if (headers_str) {
  125. zend_string_release_ex(headers_str, 0);
  126. }
  127. @@ -395,10 +469,23 @@
  128. } \
  129. return val; \
  130.  
  131. + zval *zhttphost;
  132. + char *httphost = NULL;
  133. + if ((mail_log && *mail_log) || PG(mail_x_header)) {
  134. + if ((Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY || zend_is_auto_global_str(ZEND_STRL("_SERVER"))) &&
  135. + (zhttphost = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZEND_STRL("HTTP_HOST"))) != NULL &&
  136. + Z_TYPE_P(zhttphost) == IS_STRING &&
  137. + Z_STRLEN_P(zhttphost) > 0) {
  138. + httphost = Z_STRVAL_P(zhttphost);
  139. + } else {
  140. + httphost = "";
  141. + }
  142. + }
  143. +
  144. if (mail_log && *mail_log) {
  145. char *logline;
  146.  
  147. - spprintf(&logline, 0, "mail() on [%s:%d]: To: %s -- Headers: %s -- Subject: %s", zend_get_executed_filename(), zend_get_executed_lineno(), to, hdr ? hdr : "", subject);
  148. + spprintf(&logline, 0, "mail() on [%s:%d]: To: %s -- HTTP-Host: %s -- Headers: %s -- Subject: %s", zend_get_executed_filename(), zend_get_executed_lineno(), to, httphost, hdr ? hdr : "", subject);
  149.  
  150. if (hdr) {
  151. php_mail_log_crlf_to_spaces(logline);
  152. @@ -438,9 +525,9 @@
  153. f = php_basename(tmp, strlen(tmp), NULL, 0);
  154.  
  155. if (headers != NULL && *headers) {
  156. - spprintf(&ahdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s\r\n%s", php_getuid(), ZSTR_VAL(f), headers);
  157. + spprintf(&ahdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s\r\nX-PHP-HTTP-Host: %s\r\n%s", php_getuid(), tmp, httphost, headers);
  158. } else {
  159. - spprintf(&ahdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s", php_getuid(), ZSTR_VAL(f));
  160. + spprintf(&ahdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s\r\nX-PHP-HTTP-Host: %s", php_getuid(), tmp, httphost);
  161. }
  162. hdr = ahdr;
  163. zend_string_release_ex(f, 0);
  164. diff -Naur a/main/main.c b/main/main.c
  165. --- a/main/main.c 2021-01-08 11:11:27.123989785 +0100
  166. +++ b/main/main.c 2021-01-08 11:11:52.107807012 +0100
  167. @@ -742,6 +742,7 @@
  168. PHP_INI_ENTRY("precision", "14", PHP_INI_ALL, OnSetPrecision)
  169. PHP_INI_ENTRY("sendmail_from", NULL, PHP_INI_ALL, NULL)
  170. PHP_INI_ENTRY("sendmail_path", DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL)
  171. + PHP_INI_ENTRY("sendmail_max_recipients", "5", PHP_INI_ALL, NULL)
  172. PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra)
  173. PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
  174. PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
  175.